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DETAILED ACTION 

1. This office action is in reply to an amendment filed on November 9, 2006. 
All independent claims 1, 14, 24 and 30 are amended. Claims 1-34 are 
pending/ examined. 

Response to Arguments 

2. Applicant's remark/ arguments filed on November 9, 2006 regarding claims 1- 
34 have been fully considered but they are not persuasive. 

Applicant argument is based on the reference used in rejecting the 
corresponding limitation recited in the independent claims 1, 14, 24 and 30. 
Applicant in particular argued that the limitations which is now added in the 
independent claims are not disclosed by the references used in the record 
namely, the combination of Dicorpo and Narain. 

In order to support his argument, Applicant wrote the following. 
"Dicorpo fails, however, to teach or suggest determining that if the identified 
security configuration were applied to the selected initiator, the applied 
identified security configuration would not cause the selected initiator to 
conflict with any of the existing security configurations of the other of the 
plurality of initiators, as recited in claim 1 . Dicorpo also fails to teach or suggest 
upon determining that the identified security configuration would not cause the 
selected initiator to conflict with any of the existing security configurations of 
the other of the plurality of initiators, an act of configuring the selected initiator 
using the identified security configuration, as recited in claim 1. At least for 
either of these reasons Applicants respectfully submit that claim 1 patentably 
defines over the prior art of record. For at least either of the same reasons, 
claims 14, 24, and 30 also patentable define over the prior art of record." 
Examiner disagrees with the above argument. 
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Examiner would point out that the combinations of Dicorpo and Narain 
discloses each and every limitation of the amended independent claims as 
shown below. 

As per independent claims 1. 14, 24 and 30 Dicorpo discloses in a 
computer system that including a plurality of initiators, [Abstract, "plurality 
of initiators", and figure 1, ref. Num "110" and "120"] each for initiating 
communication with target devices [Abstract, see, "Physical device" and 
column 19, lines 17-19; figure 1, 5, 7 and 8] (In some embodiments, the virtual 
LUN can have a specified interface definition, for example a general definition that can 
emulate many different physical devices) over a network, [column 1 1, lines 15-18] 
( Internet SCSI (iSCSI)-to-SCSI applications,) a method for configuring the 
computer system to securely communicate with a target device over the 
network, [Abstract, "an apparatus comprises a data path capable of coupling a 
physical device to a plurality of initiators") the method comprising the following 
performed by an abstraction module that configures each of the plurality of 
initiators in a manner that security conflicts between the plurality of 
initiators is avoided: [Abstract, "A controller comprises an executable process that 
creates a virtual device object that resolves conflicting concurrent attempts to access the 
physical device by a plurality of initiators.") 

• An act of exposing a common interface that may be used to 
configure any of the plurality of initiators; [Abstract and column 13, lines 34-36 
and figure 7] (See abstact, "An interface is coupled to the data path and forms a 
command pathway between the plurality of initiators and the physical device". And on 
column 13, lines 34-36, it has been disclosed that the protocol interface 710 serves as a 
common interface point for external communications.) 
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• An act of receiving an indication through the common interface that 
a selected initiator from among the plurality of initiators is to be 
configured to communicate with a selected target device; [Abstract; column 
4, lines 36-38; column 13, lines 27-37 and figure 7]( For instance, on column 4, 
lines 36-38 and on abstract, it has been disclosed that an interface is coupled to 
the data path and forms a command pathway between the plurality of initiators and 
the physical device. Furthermore, at least on column 13, lines 27-37, the following has 
been disclosed. " The protocol interface 710 performs virtual/ physical mapping to 

* 

facilitate virtualization of storage LUNs. The protocol interface 710 receives commands 
and configures information blocks for transmission, for example by matching status to 
the correct command, and supplying header information for status frames. The protocol 
interface 710 also handles initiator protocol, for example by obtaining unit attention of 
the first access of an initiator. The protocol interface 710 can manage signals from 
multiple LUNs. The protocol interface 710 serves as a common interface point for 
external communications.") 

• An act of retrieving security information from a database [Figure 7, 
ref. Num "722" or/and "724"] that includes information that is relevant to 
configuring security for any of the plurality of initiators; an act of 
identifying a security configuration of the selected initiator using the 
retrieved security information;[Column 17, lines 38-46 and column 16, lines 
40-47 and Column 15, lines 62-column 16, lines 47; column 13, lines 46- 
column 14, line 4] 

• An act of determining if the identified security configuration were 
applied to the selected initiator, the applied identified security 
configuration would not cause the selected initiator to conflict with any of 
the existing security configurations of other of the plurality of initiators; 
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and upon determining that the identified security configuration would not 
cause the selected initiator to conflict with any of the existing security 
configurations of the other of the plurality of initiators, an act of 
configuring the selected initiator using the identified security 
configuration. [See, abstract and claim 1] (an interface coupled to the data path 
and forming a command pathway between the plurality of initiators and the physical 
device; and a controller coupled to the data path and coupled to the interface, the 
controller comprising an executable process that creates a virtual device object that 
resolves conflicting concurrent attempts to access the physical device by a plurality of 
initiators, the virtual device object being capable of protecting state of the physical 
device during successive data transfer and media movement operations by emulating 
responses of the physical device and redirecting access to the physical device when the 
physical device becomes available.) 

Dicorpo does not explicitly teach that retrieving security information 
that is relevant to configure security from a database. 

However, in the same field of endeavor, Narain discloses the concept of 
retrieving security information that is relevant to configure security from a 
database. [See, at least figure 1, ref. Num "150" and paragraph 0028; paragraph 
0007; paragraph 0015]. 

Furthermore Narain on paragraph, 0021 and 0047-0048 including table 1, 
shows how for instance, IPsec has a number of security configuration options 
and must be configured with the appropriate IPSec security information to avoid 
that the security information of one does not conflict with the security 
information of any other security information specially when they are supplied 
by different venders, by providing intermediate abstractions and forming vendor 
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neutral requirements that represents instructions that are directly related to 
setting security configuration parameters of devices that support or implement 
end-to-end requirement. [See also paragraph 0006 and claim 6] (Examiner would 
also indict that the above security configuration problem is what the applicants 
invention is trying to solve. See for instance applicant specification on page 4, 
paragraph 0007) 

In response to applicant's arguments against the primary references individually 
in particular Dicorpo reference's, examiner would point out that one cannot 
show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. 
Cir. 1986). 

Though the specification could contain some allowable subject matter, the 
independent claims are not yet been written to include such limitations. For 
instance, applicant could elaborate or specifically indicate what the security 
configuration information is, in the independent claim itself, otherwise such 
term is a broad term. Furthermore it has been found that the present 
amendment made does not basically change the scope of the independent claims 
and is something, which is already disclosed, by the combination of the 
references. Therefore the rejection is maintained till applicant further amend at 
least the independent claims and successfully overcome the ground of rejection 
set forth in this office action. 



Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-34 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dicorpo et al (hereinafter referred as Dicorpo) (U.S. Patent 6,816,917 B2) (filed 
on 01/15/2003) in view of Narain (hereinafter referred as Narain)( U.S. 
Publication No: 2003/0084135 Al) (filed on September 28, 2001) 

5. As per claims 1, 14-15, 24 and 30 Dicorpo discloses in a computer system 
that including a plurality of initiators, [Abstract, "plurality of initiators", and figure 1, 
ref. Num "1 10" and "120"] each for initiating communication with target devices 
[Abstract, see, "Physical device" and column 19, lines 17-19; figure 1, 5, 7 and 8] 
(In some embodiments, the virtual LUN can have a specified interface definition, for example a 
general definition that can emulate many different physical devices) over a network, 
[column 11, lines 15-18] ( Internet SCSI (iSCSI)-to-SCSI applications,) a method for 
configuring the computer system to securely communicate with a target device 
over the network, [Abstract, "an apparatus comprises a data path capable of coupling a 
physical device to a plurality of initiators") the method comprising the following 
performed by an abstraction module that configures each of the plurality of 
initiators in a manner that security conflicts between the plurality of initiators is 
avoided: [Abstract, "A controller comprises an executable process that creates a virtual device 

9 

object that resolves conflicting concurrent attempts to access the physical device by a plurality 
of initiators.") 

• An act of exposing a common interface that may be used to 

configure any of the plurality of initiators; [Abstract and column 13, lines 34-36 
and figure 7] (See abstact, "An interface is coupled to the data path and forms a 



Application/Control Number: 10/658,838 . Page 8 

Art Unit: 213 2 

command pathway between the plurality of initiators and the physical device". And on 
column 13, lines 34-36, it has been disclosed that the protocol interface 710 serves as a 
common interface point for external communications.) 

• An act of receiving an indication through the common interface that 
a selected initiator from among the plurality of initiators is to be 
configured to communicate with a selected target device; [Abstract; column 
4, lines 36-38; column 13, lines 27-37 and figure 7]( For instance, on column 4, 

, lines 36-38 and on abstract, it has been disclosed that an interface is coupled to 
the data path and forms a command pathway between the plurality of initiators and 
the physical device. Furthermore, at least on column 13, lines 27-37, the following has 
been disclosed. " The protocol interface 710 performs virtual/ physical mapping to 
facilitate virtualization of storage LUNs. The protocol interface 710 receives commands 
and configures information blocks for transmission, for example by matching status to 
the correct command, and supplying header information for status frames. The protocol 
interface 710 also handles initiator protocol, for example by obtaining unit attention of 
the first access of an initiator. The protocol interface 710 can manage signals from 
multiple LUNs. The protocol interface 710 serves as a common interface point for 
external communications.") 

• An act of retrieving security information from a database [Figure 7, 
ref. Num "722" or/and "724"] that includes information that is relevant to 
configuring security for any of the plurality of initiators; an act of 
identifying a security configuration of the selected initiator using the 
retrieved security information;[Column 17, lines 38-46 and column 16, lines 
40-47 and Column 15, lines 62-column 16, lines 47; column 13, lines 46- 
column 14, line 4] 
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• An act of determining if the identified security configuration were 
applied to the selected initiator, the applied identified security 
configuration would not cause the selected initiator to conflict with any of 
the existing security configurations of other of the plurality of initiators; 
and upon determining that the identified security configuration would not 
cause the selected initiator to conflict with any of the existing security 
configurations of the other of the plurality of initiators, an act of 
configuring the selected initiator using the identified security 
configuration. [See, abstract and claim 1] (an interface coupled to the data path 
and forming a command pathway between the plurality of initiators and the physical 
device; and a controller coupled to the data path and coupled to the interface, the 
controller comprising an executable process that creates a virtual device object that 

■ 

resolves conflicting concurrent attempts to access the physical device by a plurality of 
initiators, the virtual device object being capable of protecting state of the physical 
device during successive data transfer and media movement operations by emulating 
responses of the physical device and redirecting access to the physical device when the 
physical device becomes available.) 

Dicorpo does not explicitly teach that retrieving security information 
that is relevant to configure security from a database. 

However, in the same field of endeavor, Narain discloses the concept of 
retrieving security information that is relevant to configure security from a 
database. [See, at least figure 1, ref. Num "150" and paragraph 0028; paragraph 
0007; paragraph 0015]. 

Furthermore Narain on paragraph, 0021 and 0047-0048 including table 1, 
shows how for instance, IPsec has a number of security configuration options 
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and must be configured with the appropriate IPSec security information to avoid 
that the security information of one does not confilict with the security 
information of any other security information specially when they are supplied 
by different venders, by providing intermediate abstractions and forming vendor 
neutral requirements that represents instructions that are directly related to , 
setting security configuration parameters of devices that support or implement 
end-to-end requirement. [See also paragraph 0006 and claim 6] (Examiner would 
also indicate the fact that the above security problem is what the applicant's 
invention is trying to solve. See for instance applicant specification on page 4, 
paragraph 0007) 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to combine the features of having a particular 
configuration database for retrieving security information that includes 
configuring security as per teachings of Narain in to the method as taught by 
Dicorpo for the purpose avoiding localizing instructions to each devices by 

* 

cataloging all abstractions for all algorithms in configuration database and 
ultimately creating end-to-end requirement for a very large class of system or 
network. [See Narain; paragraph 0019] 

6. As per claims 2-3 and 16-17 . the combination of Dicorpo and Narain discloses 
the method as applied to claims above. Furthermore, Dicorpo discloses, the 
method wherein the identified security configuration is different than the 
retrieved security information, [figure 7; and Column 17, lines 38-46 and 
column 16, lines 40-47 and Column 15, lines 62-column 16, lines 47; column 
13, lines 46-column 14, line 4] 

7. As per claims 4-5 :18-19 and 28-29 , the combination of Dicorpo and Narain 

discloses the method as applied to claims above. Furthermore, Narain discloses 
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the method, wherein the retrieved security information comprises IPSec 
configuration information. [Paragraph 0021] 

8. As per claims 6 and 20 , the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein the selected initiator is configured to cause communication to occur 
with the target device using iSCSI. [column 11, lines 15-18] ( Internet SCSI (iSCSI)- 
to-SCSI applications..) 

9. As per claims 7 and 21 . the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Narain discloses the method, 
wherein the act of retrieving security information from a database comprises an 
act of retrieving the security information from an Active Directory. [See, at least 
figure 1, ref. Num "150" and paragraph 0028; paragraph 0007; paragraph 0015] 

10. As per claims 8 and 22 . the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein the selected initiator is a hardware initiator. [Abstract; and figure 1, ref. 
Num "110" and "120"] 

11. As per claims 9 and 23 . the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein, wherein the selected initiator is a software initiator, ["making it a 
hardware /software is an arbitrary design choice"] 

12. As per claim 10 . the combination of Dicorpo and Narain discloses the method 
as applied to claims above. Furthermore, Narain disclose the method, wherein 
the act of retrieving security information occurs in response to the act of the 
abstraction module receiving the indication. [Abstract; paragraph 0019] 
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13. As per claims 11-12 and 31 . the combination of Dicorpo and Narain discloses 
the method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein the indication through the common interface is received in response to a 
request to communicate with the selected target device. [Abstract and column 13, lines 34- 
36 and figure 7] (See abstact, "An interface is coupled to the data path and forms a command 
pathway between the plurality of initiators and the physical device". And on column 13, lines 
34-36, it has been disclosed that the protocol interface 710 serves as a common interface point for 
external communications,) 

14. As per claims 13 . the combination of Dicorpo and Narain discloses the method 
as applied to claims above. Furthermore, Dicorpo discloses the method, wherein 
the indication through the common interface is received in response to 
initializing the computer system. [Column 14, lines 5-15] (The command filter 712 
also performs initialization for LUN virtualization. On system powerup and possibly 
other conditions, the system begins with no known state, no starting information. The 
initialization procedure collects information for storage in the device state cache 722 to 
enable LUN virtualization. In one embodiment, the command filter 712 calls for 
initialization and the LUN monitor 714 accesses storage elements in the device state 
cache 722 and determines that no state is defined. The LUN monitor 714 accesses the 
device profile cache 724 to fill storage elements in the device state cache 722) 

15. As per claims 25 and 32 . the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein the one or more computer-readable media are physical memory 
media. [Figure 5; ref. Num "530") ( The router, SCSI Controller 524, interprets 
the command and places the interpreted command in the buffer memory 530) 
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16. As per claims 26 and 33 , the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein the one or more computer-readable media is persistent memory. [Figure 
7; ref.Num"724"; column 15, lines 43-45] ( The device profile cache 724 is 
typically a non-volatile memory or storage that stores command and response 
sequences) 

17. As per claims 27 and 34 , the combination of Dicorpo and Narain discloses the 
method as applied to claims above. Furthermore, Dicorpo discloses the method, 
wherein the one or more computer-readable media is volatile system memory, 
[column 15, lines 39-40; Figure 7, ref.Num "722"] ( The device state cache 722 is 
a volatile memory or storage that stores] 

18. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 

i 

MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will expire on the date the 
advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) 
will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from 
the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 
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571-272-3806. The examiner can normally be reached on Monday-Friday (8:00 
am-— 4: 30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax phone 
number for the organization where this application or proceeding is assigned is 571-273- 
8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private 
PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free) . 

SAMSON LEMMA 



01/10/2007 
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